2011 Dec 28 6:55 PM
Hi all,
I have a big problem: from CL30N a user can call any other tcode.
In tcode CL30N, enter class and type class. Next step is click on FIND IN INITIAL CLASS button.
Then go to Environment -> Define function. This is the bad screen...
The user can set new values, and by putting T and the wanted tcode, he can break the authority check.
Just select a line and the RUN button will call the tcode.
How to disable this? This process executes FM CLSD_EXECUTE_FUNCTION.
Thanks in advance.
2011 Dec 28 7:45 PM
Don't assign authorizations directly on the tcode name.
See which authorization objects the tcode corresponds to and assign the roles based on that; with this, no one can break it with any FM or tcode.
2011 Dec 28 7:46 PM
Hi Rodrigo,
CL30N is controlled by authority object C_KLAH_BSE. You may restrict using this object or just do not give access to this transaction.
If this way is not the best for your environment, you can create an implicit enhancement at the end of FORM check_existence_of_rep_ta in program SAPLCLSD, include LCLSDF0N.
Most simply, do an authority-check for object S_TCODE with tcode p_tcode.
If you can wait a couple of days, create a customer question on SAP service (OSS) and wait for the NOTE to be created by SAP - because this looks like just another security gap.
Thanks for the hint.
Regards,
Clemens
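The implicit enhancement described above, written out as an added example (not code from the thread or from SAP). Assumptions: FORM check_existence_of_rep_ta in include LCLSDF0N exposes the chosen transaction in p_tcode, and ZCL30N_TCODE_CHECK is a placeholder enhancement name chosen when creating the implicit enhancement at the end of the form.

```abap
*----------------------------------------------------------------------*
* Implicit enhancement at the END of FORM check_existence_of_rep_ta
* (program SAPLCLSD, include LCLSDF0N). Added example; enhancement
* name and the presence of parameter p_tcode are assumptions.
*----------------------------------------------------------------------*
ENHANCEMENT 1 ZCL30N_TCODE_CHECK.    "placeholder name
  DATA lv_msg TYPE string.

  " Only act when a transaction code was entered in the
  " "define function" screen (type T entry).
  IF p_tcode IS NOT INITIAL.

    " Same start authorization the user would need to run the
    " transaction from the command field: object S_TCODE, field TCD.
    " Note: this covers the start check only; an additional
    " authorization object assigned to the transaction in SE93 is
    " not checked here.
    AUTHORITY-CHECK OBJECT 'S_TCODE'
             ID 'TCD' FIELD p_tcode.

    " sy-subrc 0 = authorized; 4 = check failed; 12 = object not
    " in the user's profiles at all. Anything but 0 is a denial.
    IF sy-subrc <> 0.
      CONCATENATE 'No authorization for transaction' p_tcode
             INTO lv_msg SEPARATED BY space.
      " A type E message ends the dialog step and keeps the user
      " on the current screen, so CLSD_EXECUTE_FUNCTION is never
      " reached for this entry. The failed check is also written
      " to the user's authorization trace (SU53) by the kernel.
      MESSAGE lv_msg TYPE 'E'.
    ENDIF.

  ENDIF.
ENDENHANCEMENT.
```

Test it with a user who lacks S_TCODE for the target transaction and confirm in SU53 that the denial is recorded against TCD with the entered value.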
2011 Dec 29 11:08 AM
Thanks!
We will create a customer question on SAP service and wait to see what to do.
Form check_existence_of_rep_ta is the right point to do an enhancement.
Cutting the user's fingers would also solve the problem too...
Best regards.
Rodrigo Paisante